package org.apache.wicket.core.request.mapper;

import ch.qos.logback.core.AsyncAppenderBase;
import ch.qos.logback.core.CoreConstants;
import java.util.Iterator;
import java.util.List;
import java.util.function.Supplier;
import org.apache.wicket.Application;
import org.apache.wicket.core.request.handler.RequestSettingRequestHandler;
import org.apache.wicket.protocol.http.PageExpiredException;
import org.apache.wicket.request.IRequestHandler;
import org.apache.wicket.request.IRequestMapper;
import org.apache.wicket.request.Request;
import org.apache.wicket.request.Url;
import org.apache.wicket.request.mapper.IRequestMapperDelegate;
import org.apache.wicket.util.crypt.ICrypt;
import org.apache.wicket.util.lang.Args;
import org.apache.wicket.util.string.Strings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/wicket-core-9.6.0.jar:org/apache/wicket/core/request/mapper/CryptoMapper.class */
public class CryptoMapper implements IRequestMapperDelegate {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) CryptoMapper.class);
    private static final String ENCRYPTED_PAGE_COMPONENT_INFO_PARAMETER = "wicket-crypt";
    private static final String ENCRYPTED_URL_MARKER_PREFIX = "crypt.";
    private final IRequestMapper wrappedMapper;
    private final Supplier<ICrypt> cryptProvider;
    private boolean markEncryptedUrls;

    /* loaded from: input_file:WEB-INF/lib/wicket-core-9.6.0.jar:org/apache/wicket/core/request/mapper/CryptoMapper$HashedSegmentGenerator.class */
    public static class HashedSegmentGenerator {
        private char[] characters;
        private int hash = 0;

        public HashedSegmentGenerator(String str) {
            this.characters = str.toCharArray();
        }

        public String next() {
            char c = this.characters[Math.abs(this.hash % this.characters.length)];
            this.hash++;
            char c2 = this.characters[Math.abs(this.hash % this.characters.length)];
            this.hash++;
            String str = c + c2 + this.characters[Math.abs(this.hash % this.characters.length)];
            this.hash = hashString(str);
            String str2 = str + String.format("%02x", Integer.valueOf(Math.abs(this.hash % AsyncAppenderBase.DEFAULT_QUEUE_SIZE)));
            this.hash = hashString(str2);
            return str2;
        }

        public int hashString(String str) {
            int i = 97;
            for (char c : str.toCharArray()) {
                i = (47 * i) + c;
            }
            return i;
        }
    }

    public CryptoMapper(IRequestMapper iRequestMapper, Application application) {
        this(iRequestMapper, (Supplier<ICrypt>) () -> {
            return application.getSecuritySettings().getCryptFactory().newCrypt();
        });
    }

    public CryptoMapper(IRequestMapper iRequestMapper, Supplier<ICrypt> supplier) {
        this.markEncryptedUrls = false;
        this.wrappedMapper = (IRequestMapper) Args.notNull(iRequestMapper, "wrappedMapper");
        this.cryptProvider = (Supplier) Args.notNull(supplier, "cryptProvider");
    }

    public boolean getMarkEncryptedUrls() {
        return this.markEncryptedUrls;
    }

    public CryptoMapper setMarkEncryptedUrls(boolean z) {
        this.markEncryptedUrls = z;
        return this;
    }

    @Override // org.apache.wicket.request.IRequestMapper
    public int getCompatibilityScore(Request request) {
        Url decryptUrl = decryptUrl(request, request.getUrl());
        if (decryptUrl == null) {
            return 0;
        }
        return this.wrappedMapper.getCompatibilityScore(request.cloneWithUrl(decryptUrl));
    }

    @Override // org.apache.wicket.request.IRequestMapper
    public Url mapHandler(IRequestHandler iRequestHandler) {
        Url mapHandler = this.wrappedMapper.mapHandler(iRequestHandler);
        if (mapHandler == null) {
            return null;
        }
        return mapHandler.isFull() ? mapHandler : encryptUrl(mapHandler);
    }

    @Override // org.apache.wicket.request.IRequestMapper
    public IRequestHandler mapRequest(Request request) {
        Url decryptUrl = decryptUrl(request, request.getUrl());
        if (decryptUrl == null) {
            return null;
        }
        Request cloneWithUrl = request.cloneWithUrl(decryptUrl);
        IRequestHandler mapRequest = this.wrappedMapper.mapRequest(cloneWithUrl);
        if (mapRequest != null) {
            mapRequest = new RequestSettingRequestHandler(cloneWithUrl, mapRequest);
        }
        return mapRequest;
    }

    protected final ICrypt getCrypt() {
        return this.cryptProvider.get();
    }

    @Override // org.apache.wicket.request.mapper.IRequestMapperDelegate
    public final IRequestMapper getDelegateMapper() {
        return this.wrappedMapper;
    }

    protected IMapperContext getContext() {
        return Application.get().getMapperContext();
    }

    protected Url encryptUrl(Url url) {
        return (url.getSegments().size() <= 0 || !url.getSegments().get(0).equals(getContext().getNamespace())) ? encryptRequestListenerParameter(url) : encryptEntireUrl(url);
    }

    protected Url encryptEntireUrl(Url url) {
        String encryptUrlSafe = getCrypt().encryptUrlSafe(url.toString());
        Url url2 = new Url(url.getCharset());
        if (getMarkEncryptedUrls()) {
            url2.getSegments().add("crypt." + encryptUrlSafe);
        } else {
            url2.getSegments().add(encryptUrlSafe);
        }
        int size = url.getSegments().size() - 1;
        HashedSegmentGenerator hashedSegmentGenerator = new HashedSegmentGenerator(encryptUrlSafe);
        for (int i = 0; i < size; i++) {
            url2.getSegments().add(hashedSegmentGenerator.next());
        }
        return url2;
    }

    protected Url encryptRequestListenerParameter(Url url) {
        Url url2 = new Url(url);
        boolean z = false;
        Iterator<Url.QueryParameter> it = url2.getQueryParameters().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            Url.QueryParameter next = it.next();
            if (MapperUtils.parsePageComponentInfoParameter(next) != null) {
                it.remove();
                url2.getQueryParameters().add(0, new Url.QueryParameter(ENCRYPTED_PAGE_COMPONENT_INFO_PARAMETER, getCrypt().encryptUrlSafe(next.getName())));
                z = true;
                break;
            }
        }
        return z ? url2 : url;
    }

    protected Url decryptUrl(Request request, Url url) {
        Url decryptEntireUrl = decryptEntireUrl(request, url);
        if (decryptEntireUrl == null && url.getSegments().size() > 0 && url.getSegments().get(0).equals(getContext().getNamespace())) {
            if (request.getOriginalUrl().getSegments().size() <= 0 || !request.getOriginalUrl().getSegments().get(0).equals(getContext().getNamespace())) {
                return url;
            }
            return null;
        }
        if (decryptEntireUrl == null) {
            decryptEntireUrl = decryptRequestListenerParameter(request, url);
        }
        log.debug("Url '{}' has been decrypted to '{}'", url, decryptEntireUrl);
        return decryptEntireUrl;
    }

    protected Url decryptEntireUrl(Request request, Url url) {
        Url url2 = new Url(request.getCharset());
        List<String> segments = url.getSegments();
        if (segments.isEmpty()) {
            return null;
        }
        String str = segments.get(0);
        if (Strings.isEmpty(str)) {
            return null;
        }
        if (getMarkEncryptedUrls()) {
            if (!str.startsWith(ENCRYPTED_URL_MARKER_PREFIX)) {
                return null;
            }
            str = str.substring(ENCRYPTED_URL_MARKER_PREFIX.length());
        }
        try {
            String decryptUrlSafe = getCrypt().decryptUrlSafe(str);
            if (decryptUrlSafe == null) {
                if (getMarkEncryptedUrls()) {
                    throw new PageExpiredException("Encrypted URL is no longer decryptable");
                }
                return null;
            }
            Url parse = Url.parse(decryptUrlSafe, request.getCharset());
            int size = parse.getSegments().size();
            int size2 = url.getSegments().size();
            if (size > 0) {
                url2.getSegments().add(parse.getSegments().get(0));
            }
            HashedSegmentGenerator hashedSegmentGenerator = new HashedSegmentGenerator(str);
            int i = 1;
            while (i < size2 && i < size && hashedSegmentGenerator.next().equals(segments.get(i))) {
                url2.getSegments().add(parse.getSegments().get(i));
                i++;
            }
            while (i < size2) {
                url2.getSegments().add(url.getSegments().get(i));
                i++;
            }
            url2.getQueryParameters().addAll(parse.getQueryParameters());
            url2.getQueryParameters().addAll(url.getQueryParameters());
            return url2;
        } catch (Exception e) {
            log.error("Error decrypting URL", (Throwable) e);
            return null;
        }
    }

    protected Url decryptRequestListenerParameter(Request request, Url url) {
        Url url2 = new Url(url);
        url2.getQueryParameters().clear();
        for (Url.QueryParameter queryParameter : url.getQueryParameters()) {
            if (MapperUtils.parsePageComponentInfoParameter(queryParameter) != null) {
                if (request.getOriginalUrl().getQueryParameter(queryParameter.getName()) != null) {
                    return null;
                }
                url2.getQueryParameters().add(queryParameter);
            } else if (ENCRYPTED_PAGE_COMPONENT_INFO_PARAMETER.equals(queryParameter.getName())) {
                String value = queryParameter.getValue();
                if (Strings.isEmpty(value)) {
                    url2.getQueryParameters().add(queryParameter);
                } else {
                    String str = null;
                    try {
                        str = getCrypt().decryptUrlSafe(value);
                    } catch (Exception e) {
                        log.error("Error decrypting encrypted request listener query parameter", (Throwable) e);
                    }
                    if (Strings.isEmpty(str)) {
                        url2.getQueryParameters().add(queryParameter);
                    } else {
                        url2.getQueryParameters().add(0, new Url.QueryParameter(str, CoreConstants.EMPTY_STRING));
                    }
                }
            } else {
                url2.getQueryParameters().add(queryParameter);
            }
        }
        return url2;
    }
}
